]> git.baikalelectronics.ru Git - kernel.git/commit
projects / kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: fa27601) | patch
nfsd4: recheck for secure ports in fh_verify
authorJ. Bruce Fields <bfields@citi.umich.edu>
Mon, 12 Nov 2007 21:05:03 +0000 (16:05 -0500)
committerLinus Torvalds <torvalds@woody.linux-foundation.org>
Mon, 12 Nov 2007 22:28:08 +0000 (14:28 -0800)
commit12ba294cc83380f944eb761d465e5b3041601a89
tree063ee35d4da2bd1289ae9e9a64b5f02c825ef5f2tree | snapshot
parentfa27601b2f89f2d698c48781de346f0d81928455commit | diff
nfsd4: recheck for secure ports in fh_verify

As with commit 7e0fd1b32dc15861cd70a6a723d9513ccacfac9e ("knfsd: nfsd:
call nfsd_setuser() on fh_compose(), fix nfsd4 permissions problem")
this is a case where we need to redo a security check in fh_verify()
even though the filehandle already has an associated dentry--if the
filehandle was created by fh_compose() in an earlier operation of the
nfsv4 compound, then we may not have done these checks yet.

Without this fix it is possible, for example, to traverse from an export
without the secure ports requirement to one with it in a single
compound, and bypass the secure port check on the new export.

While we're here, fix up some minor style problems and change a printk()
to a dprintk(), to make it harder for random unprivileged users to spam
the logs.

Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Reviewed-By: NeilBrown <neilb@suse.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
fs/nfsd/nfsfh.c diff | blob | history
Linux Kernel Source Tree.